Re: spyware file location question



Panda_man wrote:
My reply is at the bottom of your message:

"Todd and Margo Chester" wrote:

Hi All,

A few weeks back I did battle with Context Plus.
It really screwed up a client's laptop. And, yes, I
felt stupid when I found all I had to do was go to
add remove programs and remove it.

While fighting it, I noticed that PC-cillin's
firewall kept prompting for access for a program
with no name ("C:\Program Files").

This week I noticed a customer with an obvious
piece of spyware having a similar PC-cillin
prompt to let out a program with only
a directory name and one of the directory names
had a question mark ("?") in it ("C:\Program
Files\Common Files\?dobe\...")

First, a program with no name; second a
program with no name and a directory with
a question mark in it.

Hmmmmm. Are these guys getting so clever
that they can run their garbage from deleted
areas of the hard drive? Anyone know what
is happening here? Is there a way to
defeat this, like destroying (overwriting) all
open space?

Many thanks
--Todd


Hello Todd!
Very unclear post, first. You may want to redesign it and include more information.
http://support.microsoft.com/kb/555375


You mention client laptops, but if you are a computer professional you should already know that spyware and any malware cannot be cleaned only with just removing them with Add/Remove programs. Malware never removes all its tracks and the malware program uninstaller always leaves nothing but the most important part of the virus/spyware and mostly it is deeply hidden for most users.


This week I noticed a customer with an obvious
piece of spyware having a similar PC-cillin
prompt to let out a program with only
a directory name and one of the directory names
had a question mark ("?") in it ("C:\Program
Files\Common Files\?dobe\...")

First, a program with no name; second a
program with no name and a directory with
a question mark in it.



Well, this is a question for Trend Micro, not for Microsoft newsgroups. Recommend your clients use Windows Firewall in Windows XP SP2 or ZoneAlarm free for software firewall. Make them also buy a router with encryption and built-in hardware firewall so they'll have another protection. Make them use reputable and good products like Panda's products or the very impressive Nod32 Anti-threat system.

A good idea would be if you encourage your clients to read Microsoft Protect your PC site
and learn more about malware http://www.microsoft.com/protect



Panda_man

You did not answer the question that I asked. ("Are these guys
getting so clever that they can run their garbage from deleted
areas of the hard drive?").

When you answer a posting with what you surmise is the question,
without actually reading it, other potential responders do not
read the initial posting because they see that it has already
been answered. This makes it difficult to get a useful reply.

This is a common problem in microsoft.public.xx newsgroups.
It does not occur with anywhere near the frequency in the
Linux news groups: why? I have no idea.
